⚖️ A U.S. jury just hit NSO Group with $168M in damages for using Pegasus spyware to hack WhatsApp users in 51 countries—including 456 in Mexico, 100 in India, and dozens more in Bahrain, Morocco & Pakistan.

Meta proved NSO used a zero-day in WhatsApp calls (CVE-2019-3568) to silently hack phones—no tap needed.

🔗 Details: https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html

🧪 Looks like a harmless Discord dev tool…

But behind the scenes? Full remote access.

📦 A fake PyPI package has 11,574+ installs
💥 Still live. Still dangerous.
😨 You won’t believe how it bypasses firewalls.

And it’s not the only one.

👀 What else is hiding in your software stack?

Read the full uncovering by researchers: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html

🚨 A U.S. org was hit by Play ransomware using CVE-2025-29824 before it was patched. Attackers slipped in via a Cisco ASA, dropped fake Palo Alto files, stole AD data, and planted custom tools — but didn’t launch ransomware.

🔗 Read: https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html

🚨 Your SSE stack sees the network—but not the browser.

🔹 It can’t tell if a user pastes code into ChatGPT.
🔹 Or uploads IP to Dropbox.
🔹 Or uses a personal Google Drive.
🔹 Or if a browser extension is stealing credentials.

That’s the last mile—and it’s unprotected.

A new report reveals the blind spot in today’s SSE architectures… and what’s needed to fix it.

👉 Don’t secure half the picture | Read the report: https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html

🚨 No login. Full access. One POST request.

A newly revealed exploit chain in on-prem SysAid lets attackers go from XXE injection to admin takeover—and that’s before combining it with OS-level command injection.

Details: https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html

Admins, don’t wait—patch now.

Don’t let attackers turn your own tools against you. 🚨

Bitdefender brings true innovation to endpoint security with the launch of GravityZone PHASR — the industry’s first solution to dynamically tailor hardening for each user.

Learn more: https://thn.news/gravityzone-phasr

🚨 100K+ WordPress sites at risk!

A critical OttoKit flaw (CVSS 9.8) is under active attack—no login needed.

Two bugs. One exploit chain. Admin access in minutes.

Full story, attack IPs, and fix → https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html

💪 Europol just dismantled 6 major DDoS-for-hire services used to launch thousands of global attacks—for as little as €10 a hit.

🔹 4 arrested in Poland
🔹 9 domains seized by the U.S.
🔹 Operation PowerOFF strikes again.

These slick platforms let anyone pay to flood schools, gov sites & gaming servers offline, no tech skills needed.

🔗 Read → https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html

🚨 Update: The latest version of Samsung MagicINFO 9 Server is being actively exploited—despite a patch issued in Aug 2024.

🔍 Researchers at Huntress say the flaw is still vulnerable to attack via a public PoC.

🔗 Read: https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

🛑 New Cisco flaw scores a perfect 10.0 CVSS.

A hardcoded token. Root access. No login needed.

If you run Catalyst 9800 wireless controllers, you’ll want to check this fast.

👉 Read more about CVE-2025-20188 here: https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html

🛠️ Microsoft hit 1,360 new vulnerabilities in 2024 — a record high. But here’s the twist—critical flaws are at a decade low.

So why are security leaders still on edge? Legacy code, AI risks, unstable patches… and a looming October 2025 deadline.

💥 The real threat isn’t always the loudest one.

Get the full story in the 2025 Microsoft Vulnerabilities Report: https://thehackernews.com/expert-insights/2025/05/dissecting-2025-microsoft.html

⚠️"I’m not a robot" just became dangerous.

A Russia-linked group is using fake CAPTCHAs and PowerShell tricks to quietly deploy a new espionage tool—LOSTKEYS.

Targets? The usual... and some surprising ones.

Read full story → https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html

🚨 China-linked hackers hit Japan & Taiwan!

Govt agencies were targeted with ROAMINGMOUSE, a stealthy Excel-based malware dropper delivering an upgraded ANEL backdoor.

It starts with a real OneDrive link. Ends with deep system access.

But there’s more under the surface...

🔗 See how the attack works → https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html

🔐 Learn from industry experts and gain hands-on experience with integrated cybersecurity strategies, policies, and safeguards.

Don’t miss this event → https://thn.news/gc-cyber-risk-fb

🚨 AI is only as secure as the data it relies on.

As generative AI adoption grows, one question matters most:

Can you trust your data?

Sentra Security’s latest blog breaks down why visibility & control are key to safe, reliable AI.

Read more 👉 https://thn.news/ai-secure-data-x

🚨 Qilin Ransomware Surges to #1

A stealthy tool called NETXLOADER is fueling Qilin’s explosive growth—45 victims in April alone, across sectors like healthcare, finance, and tech.

Find details here — https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html

⚠️ Another one? A SonicWall bug from 2021 just came back—and might’ve been exploited.

Now, 3 new flaws in SMA 100 appliances open the door to root-level access via VPN.

Don’t wait for PoC exploit | Update now → v10.2.1.15-81sv

🔗 Details here: https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html

🔥 38,000+ fake sites. Millions stolen. AI-written lures.

A stealthy phishing network ("FreeDrain") is hijacking Google results to drain crypto wallets in minutes.

👀 Seed phrases, Discord traps, fake wallet UIs... all fair game.

See how it works → https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html

h⚡ A China-linked group is actively exploiting a critical CVE-2025-31324 flaw (CVSS 10.0) in SAP NetWeaver, targeting industries from energy to government.

They’re using advanced post-ex tools, fake Cloudflare certs, and hosting malware on Chinese cloud IPs.

Patch fast. Read → https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html

🔐 AI fights scams like never before!

Google just armed Chrome & Android with on-device Gemini Nano AI to block never-before-seen frauds—live, in real-time.

👀 20x more scam pages now detected
📉 80%+ drop in fake airline support
🚨 Android to warn of shady notifications

👉 Read how it works: https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html